Monday, December 1, 2014

Additional Resources for IINS 640-554 (WGU CNV1)

I am in the process of adding additional resources I used beyond the CBTNuggets and official Cisco book for the test.

This is based off of my actual test experience and Cisco's CCNA Security Exam Topics.


  • Overall information to review and study directly from Cisco itself is here. They have several resources that are beyond the scope of the material from CBT and the books.
  • Chapter 6, For Layer 2 Security/Common Layer 2 attacks, the link doesn't appear to work. I used this resource from Pearson. This beyond what is in the the book. Since it is 25 pages and the reference link is 25 pages, I'm guessing it is the resource link we are to use. Based upon experience, I am confident this is the material. Seriously, read it, take notes.

I'll add more as I get back into this test.


Posted by at No comments:
Labels: , , ,

Friday, November 21, 2014

CNV1 -- IINS 640-554 Test -- Failed

I recently took the Cisco CCNA Security 640-554 test and failed with a 888 with an 898 needed Yeah, big suckage. 5 days for Cisco before retake and I do know now how long for the WGU retake.

Thoughts on the test without hopefully violating the terms.

  • Know the CCP GUI for all the sections and material you are responsible for. The test expects some level of knowledge here
    • This includes how to do a configuration of the selected tasks.
    • What the path/where to click to access the task or information. (IE, where do you go to configure NTP Servers in CCP).
    • The tasks to know
      • How to view and configure everything related to an access-list
      • How to view and configure everything related to IOS VPN
      • How to view and configure everything related to IOS Firewall
      • How to view and configure everything related to AAA
      • How to view and configure everything related to time
      • The tasks and steps under the security audit tab
  • Know the same topics from the command line too. :)
  • Know your ASA for SSL VPN options and setup
  • The books provide most of the test information you will need. However, some areas that I think the books, practice tests, video (CBT) were short on.
    • IPv6
    • IPv6 access-lists
    • PVlan
    • Layer 2 (books and video especially)
  • Have a better understanding than the books give for the other Cisco products basically outside the scope of the test. Inside the scope would be CCP, ASA, IOS, IOS IPS, & ASDM. The books do cover these other items (SecureScan, IronPort, SCM). You don't need a detailed knowledge of how to configure or use these devices, but know the feature sets they offer.
  • Have a good understanding of layer 2 protocols and protections. Understand Layer 2 from what the Boson practice test quizzes you over. The books and videos aren't enough.
  • Know the Cisco answer to the question. I got a question that there were 3 rights and I had to pick 2. It wasn't one of the, "which of the following is the best..." either. Experience in the real world can be good AND bad.
  • The study material probably covers only 85-90% of what I was tested on.
  • Review the official Cisco Exam topics. Like everything else in life, what you don't prepare for  always seems to show up.
Personal thoughts:
  • I think I might have got a pretty crappy role from the RNG on what I was tested over in certain areas. I'm sure life evens itself out eventually.
  • Never forget Cisco certs are highly sought after so the questions and material will reflect it. Lots of opportunity for "bad" people to dump answers and raise the bar for the rest of us. Cisco has to make it harder somehow so they will do the following:
    • Expect poorly worded questions to distract, confuse or frustrate you.
    • Expect to see some minutiae questions. They will test you over a single sentence from the book.
    • Test outside of the book & video but still within exam objectives (NOT NICE!)
  • Studying for this one isn't fun. You will spend quite a bit of time messing with the environment to get enough hands on practice. You will be reloading OS, configs, scenarios, waiting for CCP, etc...
From the WGU Perspective:
  • There's NO help in the forums for the current version of the test. You are on your own.
  • Again there is a large gap between the test and the material. As a college course you kinda hope to have materials that provide you an environment to simulate the material on the test especially if it is hands on. Access to IOS, ASA, ASDM, IOS IPS, CCP are either memorize the lecture steps (hahahaha), buy equipment to practice, or find emulators to practice.

Posted by at No comments:
Labels: , , ,

Monday, November 17, 2014

WGU -- CNV1, IINS 640-554 Studying

Well this has been among the most frustrating courses to study. I have grabbed my voucher and am looking to schedule the test this week. Wish me luck. Onto the study material.

First, the course of study read likes, here's the material, good luck. The forums mention little to worse. So, based on the C.O.S., the CBTNuggets are entertaining and good. The only thing is having to setup a lab or 2 that emulates the commands. Even having 10+ years of experience on Cisco gear, learning zones, zone pairs, ccp, etc are newish to me. I can't imagine learning this from start. Here is what I did and built.

Host machine: Win 7 box with quad core proc and 16G of rams with dual monitors. I wish it had 3. One for the lab setup (including putty), one for the CBT at full screen, one for the virtual machines in the labs. It has worked well.

Software (sorry to my Linux/Apple host friends, but you can get pretty close, or better. GNS3 and most of the software works everywhere, and supposedly better in others. Lucky):

  • Oracle's Virtualbox. If you are WGU student you should have it from your linux+ stuff. I used this to emulate some win7 and a radius boxes. And use your  WGU licensing from MS to spin up and clone. Plus, when you clone in the Virtualbox, the sheep makes me laugh every time. I have 3 win 7 clones sitting there. These boxes will need to be attached to GNS3. You don't have to setup the radius boxes, but i'm a nerd. 
  • VMWare's VMPlayer -- This is so you can spin up the ACS server to see how tacacs+ works (if you want).
  • Some people will find the need for MS loopback adapter for...
  • GNS3. Godsend. If you want to practice without actually buying the hardware, you NEED this. This software is awesome. I will grab a list of links. Right now, they have just launched 1.0/1.1 version and a lot of the links are for 0.86 etc. here are some quick notes...
    • First, it lets you spin up Cisco equipment sufficient enough to practice on the command line. Until you are can type en, cisco123, conf t, username admin secret 0 cisco, etc, until you are blue in the face. Plus these same boxes can be manage by your VM win7 box running in the same virtual environment. 
    • On the ASA, do not put in options if you use 8.4.2. it simply works. However, it will chew up one of your 4 cores (at least it did mine). My proc runs at 25% all the time when i have an ASA up.
    • Make sure you find a good idle time value. 
    • If your connecitons are working but you -know- you have it setup right. save your GNS3 config, save your device configs, and restart GNS3. 
    • GNS3 lets you attach your VMs to it. 
      • Virtualbox works out of the box directly connected. Find the articles how to do it. I say this is pretty f-ing cool. 
      • VMPlayer has to be attached via a cloud/loopback adapter. I used the Virtualbox adapters here. VMPlayer doesn't have the hooks to directly connect and the ACS boxes require VMWare in their hardware check. (Yes i am sure you can make it not, but my google-foo was exhausted, and my patience was gone by then. If you have the details, i'll add 'em). 
My actual study routine. I read the book first online. I used Safaribooksonline. I like this resource better than the WGU option. same book, different location. I took notes. I used 5*7 notecards. I take notes on concepts, not word x = definition. For example, my card on IKE Phase 1 has HAGLE, with all the parts of hagle broken out with details such has DH supports 1 @ 768, 2 @ 1024, and 5 @ 15xx, H has SHA1 (@ 160), and MD5 (@128). And it is a single bi directional tunnel. 
After reading the books, i watched the cbtnuggets material. Keith is a good lecturer. Most of the lectures takes 2 or 3 times the running time of the material for me. I typical pause and rewind him as he does the configuration. I made 2 or 3 instances of setup within my GNS setup. repetition makes perfect. 

Now I am on to the practice tests from Boson. It scares me to read the reviews. Not promising. Old test, missed material. We will see. This is the only test we have score an "A" on and our material and testing have left quite a few out in the cold. Scary. I made right at 80% on my first time through on Boson. I always use the practice method. Question, my answer, grade my answer, review the material. Also had my favorite, questions on material that my material didn't cover. They asked a concept PVLANs that are in the official cisco curriculum stuff, but not i don't recall it in either study material (book or cbt). Some of the details they asked, i didn't recall, but that's why we take practice test. honing and focus and repetition. 

Anyhow, the frustrations of this course...Once you figure out that GNS3 and VM and Virtualbox can solve some problems.
  • Where do i get software?!? And what do I need to do.
    • Ask your account mgr if you have a contract with Cisco. This will be the 1, most frustrating problem through the course. Plus from my understanding, the internet comes with a search function. 
    • You will need IOS router software. I used 7200's with 15.0x running for my labs
    • You will need to get IOS IPS Signatures. 
    • You will need ASA software, 8.4.2 is supported.
    • I used 3 Win7 virtual boxes, one for CCP, one for ADSM, one for AnyConnect.
    • You can spin up the attack box our instructor uses. The product name has been updated. 
  • GNS3 is excellent except for....
    • My ASA won't save its config beyond a GNS restart (save a script, best i got so far)
    • My ASA doesn't do DHCP right (save a script and restart the project)
    • My ASA's chew up my processor. (agreed, shut 'em down when not in use)
    • My cloud doesn't work right ( again saving and reloading my project)
    • My switch doesn't work right (again, saving and reloading project worked for me)
    • My routers cook my CPU (find your idle-timeouts and use a supported IOS).
    • I get strange console errors (meh, i am not doing routing labs, so don't care -- yet).
    • Where are the Cisco switches (not supported).
  • Seriously, where do i get software. Search for GNS3 IOS images. I agree, frustrating, that a university, vendor, can get us time-bombed material so we can practice. 
  • The forums are 0 help here WGU students. Sorry. Normally, they serve as a great guide.
  • Pacing guide, read 2 chapters a week. That's not a guide....
I'll post an update how i do this week. Thursday is looking to be test day. Plus, I want to forget over Turkey day. 






Posted by at No comments:
Labels: , ,

Saturday, November 1, 2014

CNV1 - Designing Custom Security Solutions -- IINS 640-554 Setup

Wow. This course does not have much pre-test help. The forums were very lacking in information on how to prep. Listen to the CBT nuggets, read the book and do the practice test. That makes getting hands on practice kinda difficult if you don't have gear. Not good.

I decided to use GNS3 and virtualbox to do the routers and such. It has taken a 2 days to get the environment setup. I read the manual after getting lost for an hour or two. I try the click until something good happens at first. Helps me learn where everything is before reading a manual cold. Next, Getting IOS images is a challenge. Plus setting the idle time is important. Last, connecting virtualbox into the system is cool. Yay, practice for tacacs+ and radius. Good thing to save those practice Win7 and Linux machines from earlier courses.


Posted by at No comments:
Labels: ,

Tuesday, October 28, 2014

CTV1 -- SY0-022/SY0-401 -- Security+ Passed

Yay! Passed another one. This was one of the harder or more intimidating courses to pass. You have to get a 750/900 and that translates to between an 81-83%. That's a bit high than the 600 or 700/900 on most of the CompTIA courses so far in the curriculum. Anywho, rambling. Back to the course.

Study Material: Again, after checking the forums and reading what other students had done, I went with a 3rd party source for studying, not the official WGU material. I used the book from Darril Gibson (kindle -- $9.99)along with the practice tests ($19.99 or 29.99) on his website. The book is a relative easy read, and it doesn't get lost in the woods like many of the other resources. It has the level of detail needed for the test, but not too much more.

Practice Test: I used Mr. Gibson's website practice test material for the majority of my practice sessions. I was scoring 98% on his site, but 90% in real life. (If you get the material, you'll understand that statement). I did take the Transcender's material offered with the course, but I thought several of the question banks could use some work. (Look at the sources for the questions when reviewing the answers. Seriously, if it isn't part of the official study guide certified by CompTIA, why is it being tested?). I was making 75% to 82% on the transcender material the day of the test.

Test: 70 questions, 90 minutes. Yikes. Gotta hustle. The test had your standard simulations like most CompTIA courses now. There were 6-8 of those. Rest were multiple guess based on two to three sentence scenarios or pure definition questions. Along the way there were multi-select multiple choice just to spice it up.

The scenarios can chew into your time. I always find the hardest part is getting enough screen real-estate to see the test question, the diagram, and the answer area. I end up having to move windows around all the time. Grrrr. Those took 3 minutes or so each. I am starting to think on the scenarios, don't even read the question. Just open the scenario, quick view the diagram, and then read the question after looking at the diagram(s). The question always hovers sonit is readily available to view.

The whole test took me 55 minutes total. Some of the questions are awkwardly worded (as usual). Made an 816 for my troubles.


Posted by at No comments:
Labels: , , , ,

Thursday, October 23, 2014

WGU -- Week Update

Ok, here's a bad of the WGU experience. This is picking the nits off of nits, so take it that way. Consider it a lesson learned on my part. I'm waiting to take the CTV1 or SY0-401 certification test. The goal was this Friday. Well, goals and reality don't always meet up.

Within WGU, you have to request approval to go take your test with your mentor and quite possibly the course mentor. Once s/he approves the test, you have to request the test within the course of study. Then testing or whoever issues you a testing voucher. At $250 per test, I'll wait for the voucher thank you very much. Official policy is 48-96 hours or so is the policy to issue the voucher. Until this time, it had been less than 48 hours. Not this time though. Bah. Oh well. The location where I test is fairly flexible so I don't factor that in.

The lesson: if you know what day you want to take your test, make sure you give yourself 5-7 days to get all the appropriate paperwork filed. 10 days if you are that type (raises hand). Consider it your own personal project management experience. Yeah, knowing if you are ready 10 days out can be a challenge. You will figure out your rhythm.
Posted by at No comments:
Labels: ,

Wednesday, October 15, 2014

WGU Update -- BNC1 Down

This is the organization behavior course. Having been in mid-level management, it was nice to have official terms for some of the things I have experienced. Anywho, on to the course itself. Follow the course of study to the letter. This is a good course if you haven't been back to school in a while. Read the chapters, and don't let the first section beat you down as it is 3 chapters in the book. There are a lot of terms. The rest of the course subsections are only 1 or 2 chapters long each. Do the practice tests. Grade them with the lectures. If you aren't good at tests, listen to the lecture on how to eliminate obviously wrong answers. Mr. Jividen takes time to help you on this technique throughout all of the sections. If you are good at testing, fast-play will be your friend. Review the key areas (groups, teams, and the org section). Test. Its the Kryterion one so its a home test for most. Move along.

I made about 40 5*7" notecards for this one. I like putting an entire topics on a card. I write smallish. example, one card for me was the 5 stages of group formation. Another was the 4 types of decision making in group or whatever it is called (Face-to-face, brain-storming, Nominal, and virtual). I put a few comments about little subsection. I use traditional cards. My eyes are old and tired and staring at the screen at night hurts after reading it all day.

I found the material entertaining, but i enjoy people watching and observing things. If you don't enjoy understanding (or at least the attempt to understand) the human aspect of life within a business environment, well, this will not be your cup of tea.
Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)